A rate limiting mechanism for defending against flooding based distributed denial of service attack

The distributed denial of service attack is a major threat to current internet security. One of the most threatening type is flooding based DDoS attack. In this paper we have proposed a defense mechanism for flooding based DDoS attack based on the concept of rate limiting the attack traffic The propose defense framework consist of three major components, detection, IP traceback and bandwidth control component. The proposed defense system is a distributed mechanism because it is deployed on all edge routers of the network. Our defense algorithm that is bandwidth control algorithm mainly tries to keep the server load within the maximum and minimum server load limits. The bandwidth control component at the victim end set up rate limits according to server load and source end traffic rate with the help of bandwidth control component at source end. The proposed rate limiting scheme will penalize the different attackers based on their rate limits and server load. The rate limit value for each attacker router is calculated dynamically. The victim end defense system decrease the rate limit exponentially and increase it linearly based on the attack traffic rate.